[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
This patch is not acceptable as you are trying to fix a security issue (already fixed) and a bug issue. Please only upload a debdiff for the bug issue. Also create a new ticket for that, as this one if for the security issue and that was already fixed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** Patch added: "maven_focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5701761/+files/maven_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
I have tried to apply debdiff for maven_focal.debdiff[1] $ debdiff-apply < ../maven_focal.debdiff Traceback (most recent call last): File "/usr/bin/debdiff-apply", line 382, in sys.exit(main(sys.argv[1:])) ^^ File "/usr/bin/debdiff-apply", line 312, in main patch = unidiff.PatchSet(data.splitlines(keepends=True), encoding=enc) ^^ File "/usr/lib/python3/dist-packages/unidiff/patch.py", line 460, in __init__ self._parse(data, encoding=encoding, metadata_only=metadata_only) File "/usr/lib/python3/dist-packages/unidiff/patch.py", line 548, in _parse current_file._parse_hunk(line, diff, encoding, metadata_only) File "/usr/lib/python3/dist-packages/unidiff/patch.py", line 316, in _parse_hunk raise UnidiffParseError( unidiff.errors.UnidiffParseError: Hunk diff line expected: diff -Nru maven-3.6.3/debian/control maven-3.6.3/debian/control [1] https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5697379/+files/maven_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** Also affects: maven-resolver (Ubuntu) Importance: Undecided Status: New ** Patch added: "maven-resolver_focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/maven-resolver/+bug/1922654/+attachment/5700653/+files/maven-resolver_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** Patch added: "maven-resolver_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/maven-resolver/+bug/1922654/+attachment/5700654/+files/maven-resolver_jammy.debdiff ** Changed in: maven-resolver (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
That is already fixed under Ubuntu Pro: https://ubuntu.com/security/notices/USN-5245-1 https://ubuntu.com/security/notices/USN-5239-1 ** Changed in: maven (Ubuntu) Status: Confirmed => Fix Released ** Changed in: httpcomponents-client (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** Changed in: maven (Ubuntu) Assignee: Luís Infante da Câmara (luis220413) => (unassigned) ** Patch added: "maven_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5697382/+files/maven_jammy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** Patch added: "maven_focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5697379/+files/maven_focal.debdiff ** Changed in: maven (Ubuntu) Assignee: (unassigned) => Luís Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26291 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13956 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the packages referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Also affects: httpcomponents-client (Ubuntu) Importance: Undecided Status: New ** Changed in: httpcomponents-client (Ubuntu) Status: New => Confirmed ** Changed in: maven (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs